pajoye Thu, 04 Feb 2010 09:40:38 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=294515
Log:
- Fixed a possible open_basedir/safe_mode bypass in session extension
Changed paths:
_U php/php-src/branches/PHP_5_3_2/
U php/php-src/branches/PHP_5_3_2/ext/session/session.c
_U php/php-src/branches/PHP_5_3_2/ext/tidy/tests/
_U
php/php-src/branches/PHP_5_3_2/tests/security/open_basedir_parse_ini_file.phpt
Property changes on: php/php-src/branches/PHP_5_3_2
___________________________________________________________________
Modified: svn:mergeinfo
-
/php/php-src/branches/PHP_5_3:292504,292574,292594-292595,292611,292624,292630,292632-292635,292654,292677,292682-292683,292693,292716,292719,292762,292765,292771,292777,292823,293051,293075,293114,293126,293131,293144,293146,293152,293176,293180,293216,293235,293253,293268,293341,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293974,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294278
/php/php-src/trunk:284726
+
/php/php-src/branches/PHP_5_3:292504,292574,292594-292595,292611,292624,292630,292632-292635,292654,292677,292682-292683,292693,292716,292719,292762,292765,292771,292777,292823,293051,293075,293114,293126,293131,293144,293146,293152,293176,293180,293216,293235,293253,293268,293341,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293974,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294272,294278
/php/php-src/trunk:284726
Modified: php/php-src/branches/PHP_5_3_2/ext/session/session.c
===================================================================
--- php/php-src/branches/PHP_5_3_2/ext/session/session.c 2010-02-04
09:37:38 UTC (rev 294514)
+++ php/php-src/branches/PHP_5_3_2/ext/session/session.c 2010-02-04
09:40:38 UTC (rev 294515)
@@ -687,8 +687,13 @@
return FAILURE;
}
- if ((p = zend_memrchr(new_value, ';', new_value_length))) {
+ /* we do not use zend_memrchr() since path can contain ; itself
*/
+ if ((p = strchr(new_value, ';'))) {
+ char *p2;
p++;
+ if ((p2 = strchr(p, ';'))) {
+ p = p2 + 1;
+ }
} else {
p = new_value;
}
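Review bot: The new `strchr` branch cannot tell a value with one leading field from a value with two, so when only one field is given and the path itself contains `;`, `p` is moved past the path's own `;` and whatever check follows sees only that tail. That is sound only if the code that later consumes the value splits it in exactly the same way, which cannot be confirmed here because the enclosing function starts and ends outside the hunk. The comment should state the format and that dependency, e.g. `/* format: [N;[MODE;]]path; skip at most two leading fields, must match the save handler's split */`. The scan also no longer uses `new_value_length` and therefore stops at the first NUL byte; that is presumably intended for a C-string consumer, but it should be a stated choice. The changed paths show no test added with the fix, so a .phpt exercising a path containing `;` under open_basedir would pin the behaviour.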
Property changes on: php/php-src/branches/PHP_5_3_2/ext/tidy/tests
___________________________________________________________________
Modified: svn:mergeinfo
-
/php/php-src/branches/PHP_5_3/ext/tidy/tests:292562,292566,292571,292574,292635,292716,292719,292765,293146,293152,293176,293180,293216,293235,293253,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294278
/php/php-src/trunk/ext/tidy/tests:284726,287798-287941
+
/php/php-src/branches/PHP_5_3/ext/tidy/tests:292562,292566,292571,292574,292635,292716,292719,292765,293146,293152,293176,293180,293216,293235,293253,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294272,294278
/php/php-src/trunk/ext/tidy/tests:284726,287798-287941
Property changes on:
php/php-src/branches/PHP_5_3_2/tests/security/open_basedir_parse_ini_file.phpt
___________________________________________________________________
Modified: svn:mergeinfo
-
/php/php-src/branches/PHP_5_3/tests/security/open_basedir_parse_ini_file.phpt:292562,292566,292571,292574,292716,293146,293152,293176,293180,293216,293235,293253,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294278
/php/php-src/trunk/tests/security/open_basedir_parse_ini_file.phpt:265951
+
/php/php-src/branches/PHP_5_3/tests/security/open_basedir_parse_ini_file.phpt:292562,292566,292571,292574,292716,293146,293152,293176,293180,293216,293235,293253,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294272,294278
/php/php-src/trunk/tests/security/open_basedir_parse_ini_file.phpt:265951